Bulletproofing Web Applications

Adam Kolawa


Top Stories by Adam Kolawa

Garbage in, garbage out - it's an axiom that applies to many aspects of enterprise development, but none more so than building reliable and robust Web applications and integration projects with XML. Since its inception, XML has been seen as the cure-all for every problem related to Web application development. However, poorly written XML can either slow down an integration project, or worse, cause the integration project to collapse. It's important to understand some of the inefficiencies of XML, as well as how you can "clean up" and prevent the use of poorly written XML in development projects. After all, system performance is only as good as the data received and the instructions given. If errors are contained in the XML, it is more likely than not that the system will crash. One of the main benefits of XML is that it provides mechanisms for verifying document val... (more)

Saturday Essay: Why Outsourcing is a "Tremendous Opportunity" for US Economy

One hot topic in this year's election is whether (and how) to stop U.S. companies from engaging in offshore outsourcing to India, China, and other countries. Dr. Adam Kolawa, the co-founder and CEO of Parasoft, is not convinced that limiting outsourcing in order to protect the U.S. economy is the answe... (more)

Java Application Security in the Corporate World

The vast majority of corporate developers truly believe that application security is not their concern, assuming that network and engineering groups will build their environment in a secure way. But what about application security? Are you ready for the code audit? Application Security Isn't Getting the Attention It Deserves When most people in the corporate world talk about "security," they mean the security of the network, operating system, and servers. Organizations that want to protect their systems against hacker attacks invest a lot of time, effort, and money ensuring that t... (more)

Building Security into Software with Security Policies & Static Analysis

The common approach to securing applications is to try to identify and remove all of the application's security vulnerabilities at the end of the development process. However, this bug-finding approach is not only resource-intensive, it's largely ineffective. To have any chance of exposing all of the security vulnerabilities that may be nested throughout the application, the team would have to identify every single path through the application then rigorously test each and every one. And any error found would be difficult to fix, considering that the effort, cost, and time requ... (more)

SOA Best Practices - Four Steps to Securing Your Web Services

Dr. Adam Kolawa, Founder & CEO of Parasoft and panelist at SYS-CON Events' "SOA Web Services Power Panel" at SOA Web Services Edge Conference & Expo - June 5-6, 2006 - in New York City, writes: Security has the inherent nature of spanning many different layers of a Web Services system. Web Services vulnerabilities can be present in the operating system, the network, the database, the Web server, the application server, the XML parser, the Web Services implementation stack, the application code, the XML firewall, the Web Service monitoring or management appliance, or just... (more)